Director of Privacy and Compliance

Thalamus

Legal
Remote
Posted on Oct 5, 2024

About Thalamus

Our mission is to help the right doctors practice at the right hospitals to treat the right patients. We leverage a passion for technology, medical education, equity, and data-driven research to optimize physician recruitment, starting with the medical residency recruitment process.

Our philosophy is that the opportunity to practice medicine in an ideal environment should be accessible to all, and ample medical research has shown that this results in patients getting better healthcare outcomes overall. We built a comprehensive interview management platform, backed by evidence-based research, to innovate, streamline, and optimize the residency recruitment process.

Our cloud-based software is used by hospital program administrators and faculty to manage all the moving pieces involved with application review, scheduling, interviewing (including virtually), scoring, and ranking. We work with ERAS (the centralized application clearinghouse) and the NRMP (where the match algorithm does its magic). Applicants use Thalamus to sign up for interviews in real time (like OpenTable) and manage their calendars.

Thalamus was born out of our founders’ first-hand experience navigating this stressful and costly process during a particularly challenging interview season disrupted by Hurricane Sandy. Since then, the company has scheduled over 4M interviews for 350K+ physicians. Over 750 academic medical centers and hospital systems in the US & Canada — representing 7,000+ residency and fellowship programs in over 150 specialties — trust Thalamus to recruit their next generation of physicians.

With Thalamus's strategic collaboration with the Association of American Medical Colleges (AAMC) announced in April 2023, nearly all academic medical centers and all medical residency and fellowship applicants will use Thalamus going forward. We are the premier solution and experts in Graduate Medical Education (GME) recruitment. The company is backed by prominent VCs in Silicon Valley.

This is the critical phase in the life of a physician dedicated to the dream of practicing medicine. Every year, approximately 50,000 medical students apply, and 35,000 match, to become medical residents at hospitals throughout the US. We’re honored to play our role in this process.

Thalamus is hiring a Director of Privacy and Compliance to oversee data privacy and regulatory compliance, and manage risks related to the handling and processing of customer and employee data. Your efforts will help us maintain our market leadership in GME recruitment and take us successfully into the physician recruitment space so we can continue delivering a seamless, world-class product and experience that empowers med students, residents, fellows, and physicians to be in the driver's seat for their careers, and that allows programs and hospitals to optimally match candidates to their needs.

You will:

  • Lead the process to achieve and maintain SOC2 Type 2 certification

  • Compliance

    • Develop and implement data privacy programs to ensure ongoing GDPR and CCPA compliance

    • Develop and enforce data retention policies to ensure compliance with regulations

    • Ensure customer and vendor contracts meet data privacy and security compliance requirements

    • Ensure company-wide compliance with customer contracting requirements

    • Review third-party vendor contracts to ensure data handling and privacy standards align with the company’s compliance framework

    • Serve as the point of contact for regulatory bodies, customers, and auditors during inspections or audits

  • Risk mitigation

    • Conduct regular audits and privacy impact assessments to identify and mitigate risks in data-handling and processing, and develop a risk register

    • Create and manage a data inventory, and ensure proper data classification and security controls across the organization

    • Train employees & contractors on compliance policies and data privacy practices to ensure company-wide adherence

    • Conduct third-party due diligence and maintain a vendor risk management program

    • Work with insurance brokers to ensure optimal coverage levels are in place

  • Reporting

    • Ensure timely and accurate reporting to stakeholders, regulatory authorities, and customers

  • Privacy incident management

    • Oversee privacy incident management, including breach notifications, investigations, and reporting

    • Work with legal teams to ensure timely and appropriate responses to data breaches or regulatory concerns

  • Work closely with the Director of Security & IT to develop joint incident response playbooks, vendor risk management processes, and product review checklists

You should have:

  • A bachelor’s degree in law, business administration, information technology, or a related field; advanced degree preferred

  • Minimum 8 years of experience in privacy compliance, risk management, or a related role in a product technology or SaaS environment

  • In-depth knowledge of data privacy laws and regulations (SOC2, GDPR, CCPA)

  • Strong analytical skills and experience conducting audits and assessments

  • Excellent communication and interpersonal skills, with the ability to engage and influence stakeholders at all levels

  • Proven ability to develop and implement effective compliance programs and policies

  • Experience in incident management and partnering with legal teams on data breaches

Bonus:

  • Health tech or GME industry experience

The salary range for this position is $120,000 - $155,000, plus a grant of stock options. Final compensation will be determined based on experience, skills, and geographic location.

Our Mission, Vision, and Strategy ...

Our Mission (what we're trying to accomplish):

To help the right doctors end up in the right hospitals to treat the right patients

Our Vision (why it matters):

  • To help doctors achieve their life dream of practicing medicine
  • To help hospitals serve their mission and their community
  • To help the broader healthcare system improve patient care

Our Strategy (how we're going to do it):

To use technology to fundamentally improve the process of helping match the right doctors to the right hospitals

Our Values ...

Bravery with Purpose: We are leaders. Thalamus was founded to challenge the status quo, no matter how ingrained a process might be. We take chances while calculating risk. Even when opportunities don’t go as expected, we study our results and try again.

Imagination Optimized: Imagination requires knowledge; without knowledge there are only ideas. At Thalamus, we imagine and create optimized solutions for our team, partners, and customers. We are flexible in approach, efficient in process, and nimble in scope and scale. We encourage personal and professional learning, collaboration, and growth.

Genuine Collaboration: We are passionate about our work and how we do it. We support our team, partners, and customers with respect, integrity, and sincerity. We rely on each other to achieve our goals accurately and efficiently. We are a better company when we are a better team.

We are opportunistically equitable, so diversity, inclusion, and belonging can flourish.

Our Commitment ...

Thalamus is a mission-driven organization centered on the belief that our company should model what we want of the US healthcare system, that the diversity of providers aligns with patient populations. We believe this is best achieved by building a team with a diversity of backgrounds, cultures, and experiences, including “distance traveled.” Thalamus is an equal opportunity employer. We do not discriminate based upon race, religious creed, color, national origin, ancestry, physical or mental disability, medical condition, genetic information, marital status (including registered domestic partnership status), sex and gender (including pregnancy, childbirth, lactation, and related medical conditions), gender identity and gender expression (including transgender individuals who are transitioning, have transitioned, or are perceived to be transitioning to the gender with which they identify), age, sexual orientation, Civil Air Patrol status, military and veteran status, and any other consideration protected by federal, state, or local law. We encourage those who really want to make an impact and who exemplify our core values to apply for our open positions.

*This position is based in the United States, and you must be legally authorized to work in the United States.